sqreen 1.21.0.beta2 → 1.21.0.beta3

data/lib/sqreen/graft/hook_point.rb

@@ -23,6 +23,8 @@ module Sqreen
     end
 
     class HookPoint
+      DEFAULT_STRATEGY = Module.respond_to?(:prepend) ? :prepend : :chain
+
       def self.parse(hook_point)
         klass_name, separator, method_name = hook_point.split(/(\#|\.)/, 2)
 
@@ -36,13 +38,13 @@ module Sqreen
 
       attr_reader :klass_name, :method_kind, :method_name
 
-      def initialize(hook_point, strategy = :chain)
+      def initialize(hook_point, strategy = DEFAULT_STRATEGY)
         @klass_name, @method_kind, @method_name = Sqreen::Graft::HookPoint.parse(hook_point)
         @strategy = strategy
       end
 
       def to_s
-        "#{@klass_name}#{@method_kind == :instance_method ? '#' : '.'}#{@method_name}"
+        @to_s ||= "#{@klass_name}#{@method_kind == :instance_method ? '#' : '.'}#{@method_name}"
       end
 
       def exist?
@@ -177,23 +179,30 @@ module Sqreen
 
       private
 
-      def prepend(key)
+      def hook_spot(key)
         target = klass_method? ? klass.singleton_class : klass
         mod = target.ancestors.each { |e| break if e == target; break(e) if e.class == HookSpot && e.key == key }
+        raise "Inconsistency detected: #{target} missing from its own ancestors" if mod.is_a?(Array)
+
+        [target, mod]
+      end
+
+      def prepend(key)
+        target, mod = hook_spot(key)
+
         mod ||= HookSpot.new(key)
+
         target.instance_eval { prepend(mod) }
       end
 
       def prepended?(key)
-        target = klass_method? ? klass.singleton_class : klass
-        mod = target.ancestors.each { |e| break if e == target; break(e) if e.class == HookSpot && e.key == key }
+        _, mod = hook_spot(key)
 
         mod != nil
       end
 
       def overridden?(key)
-        target = klass_method? ? klass.singleton_class : klass
-        mod = target.ancestors.each { |e| break if e == target; break(e) if e.class == HookSpot && e.key == key }
+        _, mod = hook_spot(key)
 
         (mod.instance_methods(false) + mod.protected_instance_methods(false) + mod.private_instance_methods(false)).include?(method_name)
       end
@@ -202,8 +211,7 @@ module Sqreen
         hook_point = self
         method_name = @method_name
 
-        target = klass_method? ? klass.singleton_class : klass
-        mod = target.ancestors.each { |e| break if e == target; break(e) if e.class == HookSpot && e.key == key }
+        _, mod = hook_spot(key)
 
         mod.instance_eval do
           if hook_point.private_method?
@@ -221,8 +229,7 @@ module Sqreen
       def unoverride(key)
         method_name = @method_name
 
-        target = klass_method? ? klass.singleton_class : klass
-        mod = target.ancestors.each { |e| break if e == target; break(e) if e.class == HookSpot && e.key == key }
+        _, mod = hook_spot(key)
 
         mod.instance_eval { remove_method(method_name) }
       end

data/lib/sqreen/legacy/instrumentation.rb

@@ -109,7 +109,7 @@ module Legacy
             break if res.is_a?(Hash) && res[:skip_rem_cbs]
           rescue StandardError => e
             Sqreen.log.warn { "we catch an exception: #{e.inspect}" }
-            Sqreen.log.debug e.backtrace
+            Sqreen.log.debug { e.backtrace }
             if cb.respond_to?(:record_exception)
               cb.record_exception(e)
             else
@@ -162,7 +162,7 @@ module Legacy
             returns << res
           rescue StandardError => e
             Sqreen.log.warn { "we catch an exception: #{e.inspect}" }
-            Sqreen.log.debug e.backtrace
+            Sqreen.log.debug { e.backtrace }
             if cb.respond_to?(:record_exception)
               cb.record_exception(e)
             else
@@ -597,16 +597,25 @@ module Legacy
         method = cb.method
         key = [klass, method]
 
+        if (call_count = ENV['SQREEN_DEBUG_CALL_COUNT'])
+          call_count = JSON.parse(call_count)
+          if cb.respond_to?(:rule_name) && call_count.key?(cb.rule_name)
+            count = call_count[cb.rule_name]
+            Sqreen.log.debug { "override rule:#{cb.rule_name} call_count:#{count.inspect}" }
+            cb.instance_eval { @call_count_interval = call_count[cb.rule_name] }
+          end
+        end
+
         @@record_request_hookpoints << key if cb.is_a?(Sqreen::Rules::RecordRequestContext)
 
         already_overriden = @@overriden_methods.include? key
 
         if !already_overriden
           if is_class_method?(klass, method)
-            Sqreen.log.debug "overriding class method for #{cb}"
+            Sqreen.log.debug { "overriding class method for #{cb}" }
             success = override_class_method(klass, method)
           elsif is_instance_method?(klass, method)
-            Sqreen.log.debug "overriding instance method for #{cb}"
+            Sqreen.log.debug { "overriding instance method for #{cb}" }
             success = override_instance_method(klass, method)
           else
             # FIXME: Override define_method and other dynamic ways to
@@ -623,7 +632,7 @@ module Legacy
 
           @@overriden_methods += [key] if success
         else
-          Sqreen.log.debug "#{key} was already overriden"
+          Sqreen.log.debug { "#{key} was already overriden" }
         end
 
         if klass != Object && klass != Kernel && !Sqreen.features['instrument_all_instances'] && !defined?(::JRUBY_VERSION)
@@ -638,7 +647,7 @@ module Legacy
           end
         end
 
-        Sqreen.log.debug "Adding callback #{cb} for #{klass} #{method}"
+        Sqreen.log.debug { "Adding callback #{cb} for #{klass} #{method}" }
         @@registered_callbacks.add(cb)
         @@unovertimable_hookpoints << key unless cb.overtimeable
         @@instrumented_pid = Process.pid
@@ -659,7 +668,7 @@ module Legacy
 
       already_overriden = @@overriden_methods.include? key
       unless already_overriden
-        Sqreen.log.debug "#{key} apparently not overridden"
+        Sqreen.log.debug { "#{key} apparently not overridden" }
       end
 
       defined_cbs = @@registered_callbacks.get(klass, method).flatten
@@ -667,17 +676,17 @@ module Legacy
       nb_removed = 0
       defined_cbs.each do |found_cb|
         if found_cb == cb
-          Sqreen.log.debug "Removing callback #{found_cb}"
+          Sqreen.log.debug { "Removing callback #{found_cb}" }
           @@registered_callbacks.remove(found_cb)
           nb_removed += 1
         else
-          Sqreen.log.debug "Not removing callback #{found_cb} (remains #{defined_cbs.size} cbs)"
+          Sqreen.log.debug { "Not removing callback #{found_cb} (remains #{defined_cbs.size} cbs)" }
         end
       end
 
       return unless nb_removed == defined_cbs.size
 
-      Sqreen.log.debug "Removing overriden method #{key}"
+      Sqreen.log.debug { "Removing overriden method #{key}" }
       @@overriden_methods.delete(key)
 
       if is_class_method?(klass, method)
@@ -705,6 +714,7 @@ module Legacy
           remove_callback_no_lock(cb)
         end
         Sqreen.instrumentation_ready = false
+        Sqreen.log.info('Instrumentation deactivated')
       end
     end
 
@@ -757,6 +767,8 @@ module Legacy
       ### globally declare instrumentation ready
       ### from within instance method? not even thread local?
       Sqreen.instrumentation_ready = true
+
+      Sqreen.log.info('Instrumentation activated')
     end
 
     def initialize(metrics_engine = nil)

data/lib/sqreen/legacy/old_event_submission_strategy.rb

@@ -6,6 +6,7 @@
 require 'sqreen/aggregated_metric'
 require 'sqreen/log/loggable'
 require 'sqreen/legacy/waf_redactions'
+require 'sqreen/kit/string_sanitizer'
 
 module Sqreen
   module Legacy
@@ -172,7 +173,7 @@ module Sqreen
           res[:request][:parameters] = payload['params'] if payload['params']
           res[:request][:headers] = payload['headers'] if payload['headers']
 
-          res = Sqreen::EncodingSanitizer.sanitize(res)
+          res = Sqreen::Kit::StringSanitizer.sanitize(res)
 
           if rr.redactor
             res[:request], redacted = rr.redactor.redact(res[:request])

data/lib/sqreen/log.rb

@@ -14,16 +14,17 @@ require 'sqreen/deferred_logger'
 
 module Sqreen
   def self.log_init
+    deferred_logger = @logger
     @logger = Sqreen::Logger.new(
       Sqreen.config_get(:log_level).to_s.upcase,
       Sqreen.config_get(:log_location)
     )
-    Sqreen::DeferredLogger.instance.flush_to(@logger.instance_eval { @logger })
+    deferred_logger.flush_to(@logger.instance_eval { @logger })
   rescue => e
     warn "Sqreen logger exception: #{e}"
   end
 
   def self::log
-    @logger || Sqreen::DeferredLogger.instance
+    @logger ||= Sqreen::DeferredLogger.new
   end
 end

data/lib/sqreen/log/loggable.rb

@@ -4,6 +4,7 @@
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html
 
 require 'logger'
+require 'sqreen/log'
 
 module Sqreen; end
 module Sqreen::Log; end

data/lib/sqreen/logger.rb

@@ -28,6 +28,26 @@ module Sqreen
       create_error_logger
     end
 
+    def debug?
+      @logger.debug?
+    end
+
+    def info?
+      @logger.info?
+    end
+
+    def warn?
+      @logger.warn?
+    end
+
+    def error?
+      @logger.error?
+    end
+
+    def fatal?
+      @logger.fatal?
+    end
+
     def debug(msg = nil, &block)
       @logger.debug(msg, &block)
     end
@@ -45,6 +65,10 @@ module Sqreen
       @logger.error(msg, &block)
     end
 
+    def unknown(msg = nil, &block)
+      @logger.unknown(msg, &block)
+    end
+
     def add(severity, msg = nil, &block)
       send(SEVERITY_TO_METHOD[severity], msg, &block)
     end

data/lib/sqreen/metrics.rb

@@ -7,3 +7,4 @@ require 'sqreen/metrics/collect'
 require 'sqreen/metrics/average'
 require 'sqreen/metrics/sum'
 require 'sqreen/metrics/binning'
+require 'sqreen/metrics/req_detailed'

data/lib/sqreen/metrics/req_detailed.rb

@@ -0,0 +1,41 @@
+require 'base64'
+require 'sqreen/mono_time'
+require 'sqreen/metrics/base'
+begin
+  require 'sq_detailed_metrics'
+rescue LoadError => _e # rubocop:disable Lint/HandleExceptions
+end
+
+module Sqreen
+  module Metric
+    class ReqDetailed < Base
+      attr_reader :num_requests
+
+      def initialize(opts = {})
+        raise 'SqDetailedMetrics unavailable' unless defined?(SqDetailedMetrics)
+        super(opts)
+        @coll = SqDetailedMetrics::RequestCollection.new
+        @start_time = Sqreen.time
+        @num_requests = 0
+      end
+
+      # @param [SqDetailedMetrics::Request] value
+      def update(_key, value)
+        @coll << value
+        @num_requests += 1
+      end
+
+      def next_sample(time)
+        data = @coll.serialize
+        @num_requests = 0
+        return nil unless data
+
+        {
+          OBSERVATION_KEY => { 'v1' => Base64.strict_encode64(data) },
+          START_KEY => @start_time,
+          FINISH_KEY => (@start_time = time),
+        }
+      end
+    end
+  end
+end

data/lib/sqreen/metrics_store.rb

@@ -27,6 +27,7 @@ module Sqreen
     def initialize
       @store = []
       @metrics = {} # name => (metric, period, start)
+      @mutex = Mutex.new
     end
 
     # Definition contains a name,period and aggregate at least
@@ -34,6 +35,8 @@ module Sqreen
     # @param rule [RuleCB] the rule associated with this metric, if any
     # @param mklass [Object] Override metric object (used in testing)
     def create_metric(definition, rule = nil, mklass = nil)
+      @mutex.lock
+
       name = definition[NAME_KEY]
       kind = definition[KIND_KEY]
       klass = valid_metric(kind, name)
@@ -49,6 +52,8 @@ module Sqreen
       metric.rule = rule
       metric.period = definition[PERIOD_KEY]
       metric
+    ensure
+      @mutex.unlock
     end
 
     def metric?(name)
@@ -57,21 +62,27 @@ module Sqreen
 
     # @param at [Time] when is the store emptied
     def update(name, at, key, value)
+      @mutex.lock
       metric, period, start = @metrics[name]
       raise UnregisteredMetric, "Unknown metric #{name}" unless metric
       next_sample(name, at) if start.nil? || (start + period) < at
       metric.update(key, value)
+    ensure
+      @mutex.unlock
     end
 
     # Drains every metrics and returns the store content
     # @param at [Time] when is the store emptied
     def publish(flush = true, at = Sqreen.time)
+      @mutex.lock
       @metrics.each do |name, (_, period, start)|
         next_sample(name, at) if flush || !start.nil? && (start + period) < at
       end
       out = @store
       @store = []
       out
+    ensure
+      @mutex.unlock
     end
 
     protected

data/lib/sqreen/null_logger.rb

@@ -9,6 +9,26 @@ module Sqreen
   class NullLogger
     include Singleton
 
+    def debug?
+      false
+    end
+
+    def info?
+      false
+    end
+
+    def warn?
+      false
+    end
+
+    def error?
+      false
+    end
+
+    def fatal?
+      false
+    end
+
     def debug(_msg = nil); end
 
     def info(_msg = nil); end
@@ -19,6 +39,8 @@ module Sqreen
 
     def fatal(_msg = nil); end
 
+    def unknown(_msg = nil); end
+
     def add(_severity, _msg = nil); end
 
     def formatter=(_); end

data/lib/sqreen/remote_command.rb

@@ -18,6 +18,7 @@ module Sqreen
       :features_get => :features,
       :features_change => :change_features,
       :force_logout => :shutdown,
+      :force_restart => :restart,
       :paths_whitelist => :change_whitelisted_paths,
       :ips_whitelist => :change_whitelisted_ips,
       :get_bundle => :upload_bundle,

data/lib/sqreen/rules.rb

@@ -114,15 +114,19 @@ module Sqreen
           Sqreen.log.warn('No JavaScript engine is available. ' \
               'JavaScript callbacks will be ignored')
         end
-        Sqreen.log.info("Ignoring JS callback #{rule_name}")
+        Sqreen.log.debug("Ignoring JS callback #{rule_name}")
         return nil
       end
 
       cb_class = ExecJSCB if js
 
-      if cbname && Rules.const_defined?(cbname)
-        # Only load callbacks from sqreen
-        cb_class = Rules.const_get(cbname)
+      if cbname
+        cb_class = if cbname.include?('::')
+                     # Only load callbacks from sqreen
+                     Rules.walk_const_get(cbname) if cbname.start_with?('::Sqreen::', 'Sqreen::')
+                   else
+                     Rules.const_get(cbname) if Rules.const_defined?(cbname) # rubocop:disable Style/IfInsideElse
+                   end
       end
 
       if cb_class.nil?

data/lib/sqreen/rules/blacklist_ips_cb.rb

@@ -33,7 +33,7 @@ module Sqreen
       private
 
       def insert_values(ranges)
-        Sqreen.log.info 'no ips given for IP blacklisting' if ranges.empty?
+        Sqreen.log.debug 'no ips given for IP blacklisting' if ranges.empty?
 
         ranges.map { |r| Prefix.from_str(r, r) }.each do |prefix|
           trie_for(prefix).insert prefix
@@ -50,7 +50,7 @@ module Sqreen
         begin
           ipa = IPAddr.new(rip)
         rescue StandardError
-          Sqreen.log.info "invalid IP address given by framework: #{rip}"
+          Sqreen.log.debug "invalid IP address given by framework: #{rip}"
           return nil
         end